[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [OT] Why kill a private key publicly?
On 07/13/2016 10:49 AM, Georgi Guninski wrote:
> On Wed, Jul 13, 2016 at 01:04:59AM -0600, Mirimir wrote:
>> OK, let's see if you can spoof my email address, and produce a signed
>> message with a valid signature :)
> Spoofing your email detectably is trivial, e.g. with netcat by hand.
> If I could sign in your name, why kill your private key publicly,
> scaring gpg lusers? Wouldn't it be better for me to profit from your
> private key?
For lulz :)
And anyway, Mirimir has nothing worth stealing except reputation.
> IMHO for the majority of lusers, getting their private key is not
> related to crypto, more to apps sploits.
True. Not so trivial, though.
> lol, just trolling ;)
> @juan: denying you wrote something signed is possible too. just revoke
> the key, claiming hax0r attack. for plausibility you can leak the
> private signing key (assuming it is worthless as it should be on ML).